Use SSH short-lived certificates for other hostnames

Dear all,

I have successfully set up SSH short-lived certificates for one host (e.g. demo.example.com), but now I’m trying to reuse those certificates for all domains under my zone, without having to proxy them through Access.

I’ve been able to do so for a single host by adding the following to my SSH local config:

Host other.example.com
  # Refresh the short-lived cert, then hand the session to a second ssh that uses it via the cfpipe- alias below.
  # The user@host token was garbled by the forum's e-mail obfuscation; %r@cfpipe-%h is the reconstruction.
  ProxyCommand bash -c '/opt/homebrew/bin/cloudflared access ssh-gen --hostname demo.example.com; ssh -tt %r@cfpipe-%h >&2 <&1'

Host cfpipe-other.example.com
  HostName other.example.com
  IdentityFile ~/.cloudflared/demo.example.com-cf_key
  CertificateFile ~/.cloudflared/demo.example.com-cf_key-cert.pub

It works just fine, but now I’m at the limits of my SSH config knowledge. I’d like to generalize with a wildcard, e.g. Host *.example.com. Any idea how I could achieve this?

I know this is not fully supported by Cloudflare, but I’d appreciate any help ; )

Thanks.
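One way to express the same two-hop trick with a wildcard, as an added example rather than the poster's own config: it keeps the poster's paths and the same cert-then-ssh hand-off, but passes the identity and certificate to the inner ssh on its command line (with ProxyCommand=none so the inner ssh does not match the wildcard again), which removes the need for one cfpipe- alias per host. It assumes the existing Host demo.example.com block that goes through Access is placed earlier in the file.

```sshconfig
# Added example: wildcard version of the two-hop configuration above.
# Keep the existing "Host demo.example.com" block (the one proxied through
# Access) ABOVE this one: ssh_config uses the first value obtained for each
# option, so the specific host keeps its own ProxyCommand.

Host *.example.com
  # 1. Refresh the short-lived certificate issued for demo.example.com.
  # 2. Start the real session with a second ssh that presents that
  #    certificate. %h, %p and %r expand to the requested host, port and
  #    user. ProxyCommand=none stops the inner ssh from matching this block
  #    again (which would recurse); IdentityFile/CertificateFile are given
  #    on the command line, so no per-host cfpipe- alias is needed.
  #    The >&2 <&1 redirections are kept from the working single-host setup.
  ProxyCommand bash -c '/opt/homebrew/bin/cloudflared access ssh-gen --hostname demo.example.com; exec ssh -tt -o ProxyCommand=none -o IdentityFile=~/.cloudflared/demo.example.com-cf_key -o CertificateFile=~/.cloudflared/demo.example.com-cf_key-cert.pub -p %p %r@%h >&2 <&1'
```

Whether a host other than demo.example.com accepts the certificate is decided server-side: each sshd must trust the issuing CA (TrustedUserCAKeys) and the certificate's principals must be allowed for the target account.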